v1.12 backports 2023-05-28 #25732
Merged
v1.12 backports 2023-05-28 #25732
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7d5cb09 to
b837996
Compare
|
/test-backport-1.12 |
b837996 to
ae1f8c0
Compare
|
/test-backport-1.12 Job 'Cilium-PR-K8s-1.18-kernel-4.9' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.18-kernel-4.9/21/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
mhofstetter
requested changes
May 30, 2023
There was a problem hiding this comment.
@sayboras thanks for the backport. requested some small changes regarding my backport.
ae1f8c0 to
6a30568
Compare
|
/test-backport-1.12 |
mhofstetter
approved these changes
May 30, 2023
nathanjsweet
approved these changes
May 30, 2023
|
@sayboras can we drop #20410 from this PR. I've discussed with @nathanjsweet offline. |
|
Sure, let me do it shortly 👍 |
[ upstream commit bfa4656 ] Remove logic from Documentation/Makefile that skips building 'update-helm-values' on non-x86 platforms. This limitation is no longer needed as we use the helm toolbox image, which is available for multiple architectures. Fixes: cilium#20236 Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit be2306d ] This is to correct the typo (i.e. l7Proxy instead of l7proxy) in helm validation if Ingress or Gateway API is enabled. Negative testing is done as per below ``` $ helm template --namespace kube-system cilium "./install/kubernetes/cilium" --set ingressController.enabled=true --set l7Proxy=false Error: execution error at (cilium/templates/validate.yaml:52:9): Ingress or Gateway API controller requires .Values.l7Proxy to be set to 'true' $ helm template --namespace kube-system cilium "./install/kubernetes/cilium" --set gatewayAPI.enabled=true --set l7Proxy=false Error: execution error at (cilium/templates/validate.yaml:52:9): Ingress or Gateway API controller requires .Values.l7Proxy to be set to 'true' ``` Fixes: ea404cf Reported-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit a0bfd5d ] The entity `ingress` is missing from the list of pre-defined entities which are available when defining policies which `fromEntities` and `toEntities`. This commits fixes this. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit e8fcd6b ] Envoy by default gets the source address from the `x-forwarded-for` header, if present. Always add an explicit `use_remote_address: true` for Envoy HTTP Connection Manager configuration to disable the default behavior. Also set the `skip_xff_append: true` option to retain the old behavior of not adding `x-forwarded-for` headers on cilium envoy proxy. Setting these options is not really needed for admin and metrics listeners, or most of the tests, but we add them there too in case anyone uses them as a source of inspiration for a real proxy configuration. This fixes incorrect hubble flow data when HTTP requests contain an `x-forwarded-for` header. This change has no effect on Cilium policy enforcement where the source security identity is always resolved before HTTP headers are parsed. Fixes: cilium#25630 Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
6a30568 to
bfb862c
Compare
|
/test |
|
/test-backport-1.12 Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-4.9/20/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
|
/test-1.19-4.9 |
|
Change requested is for the PR, which is dropped after, most of the reviews are in. Some failures in CI is due to wrong command trigger (e.g. /test instead of /test-backport-1.12), all required CI jobs are passed, marking this ready to merge. |
This was referenced Jun 12, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
service: Improve memory usage when handling update of a big service. #20410 -- service: Improve memory usage when handling update of a big service. (@alan-kut)Once this PR is merged, you can update the PR labels via: